Backdoor Trojan


22 replies to this topic

#1 ak_907

Posted 19 October 2012 - 05:05 PM

I tried to download a file and got a virus.
I Googled for information and found this forum topic:
http://www.bleepingcomputer.com/forums/topic471667.html
I tried the instructions but failed to clean my computer.

My computer is a Gateway running Windows Vista.


Here is the TDSSKiller log:

13:23:42.0004 3044 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:23:43.0750 3044 ============================================================
13:23:43.0750 3044 Current date / time: 2012/10/19 13:23:43.0750
13:23:43.0750 3044 SystemInfo:
13:23:43.0751 3044
13:23:43.0751 3044 OS Version: 6.0.6002 ServicePack: 2.0
13:23:43.0751 3044 Product type: Workstation
13:23:43.0751 3044 ComputerName: MY-PC
13:23:43.0751 3044 UserName: I
13:23:43.0751 3044 Windows directory: C:\Windows
13:23:43.0751 3044 System windows directory: C:\Windows
13:23:43.0751 3044 Running under WOW64
13:23:43.0751 3044 Processor architecture: Intel x64
13:23:43.0751 3044 Number of processors: 2
13:23:43.0751 3044 Page size: 0x1000
13:23:43.0751 3044 Boot type: Normal boot
13:23:43.0751 3044 ============================================================
13:23:44.0291 3044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:23:44.0300 3044 ============================================================
13:23:44.0300 3044 \Device\Harddisk0\DR0:
13:23:44.0300 3044 MBR partitions:
13:23:44.0300 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
13:23:44.0300 3044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xDEE2800
13:23:44.0300 3044 ============================================================
13:23:44.0320 3044 C: <-> \Device\Harddisk0\DR0\Partition1
13:23:44.0372 3044 D: <-> \Device\Harddisk0\DR0\Partition2
13:23:44.0372 3044 ============================================================
13:23:44.0372 3044 Initialize success
13:23:44.0372 3044 ============================================================
13:24:16.0838 3676 ============================================================
13:24:16.0838 3676 Scan started
13:24:16.0838 3676 Mode: Manual; TDLFS;
13:24:16.0838 3676 ============================================================
13:24:17.0152 3676 ================ Scan system memory ========================
13:24:17.0152 3676 System memory - ok
13:24:17.0153 3676 ================ Scan services =============================
13:24:17.0370 3676 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:24:17.0374 3676 ACPI - ok
13:24:17.0433 3676 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:24:17.0443 3676 adp94xx - ok
13:24:17.0471 3676 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:24:17.0478 3676 adpahci - ok
13:24:17.0500 3676 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:24:17.0503 3676 adpu160m - ok
13:24:17.0516 3676 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:24:17.0520 3676 adpu320 - ok
13:24:17.0579 3676 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:24:17.0580 3676 AeLookupSvc - ok
13:24:17.0632 3676 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
13:24:17.0636 3676 AFD - ok
13:24:17.0670 3676 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:24:17.0673 3676 agp440 - ok
13:24:17.0699 3676 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:24:17.0702 3676 aic78xx - ok
13:24:17.0722 3676 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
13:24:17.0724 3676 ALG - ok
13:24:17.0760 3676 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
13:24:17.0762 3676 aliide - ok
13:24:17.0785 3676 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
13:24:17.0787 3676 amdide - ok
13:24:17.0819 3676 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:24:17.0821 3676 AmdK8 - ok
13:24:17.0900 3676 [ B11291CBC71231C373743055FB7F5B48 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
13:24:17.0901 3676 AppHostSvc - ok
13:24:17.0927 3676 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
13:24:17.0928 3676 Appinfo - ok
13:24:18.0053 3676 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:24:18.0054 3676 Apple Mobile Device - ok
13:24:18.0090 3676 [ 0EEFF7103E4F3E783F3D2B870AF67F1C ] appliand C:\Windows\system32\DRIVERS\appliand.sys
13:24:18.0091 3676 appliand - ok
13:24:18.0096 3676 [ 0EEFF7103E4F3E783F3D2B870AF67F1C ] appliandMP C:\Windows\system32\DRIVERS\appliand.sys
13:24:18.0097 3676 appliandMP - ok
13:24:18.0125 3676 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
13:24:18.0128 3676 arc - ok
13:24:18.0164 3676 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:24:18.0167 3676 arcsas - ok
13:24:18.0206 3676 ASPI - ok
13:24:18.0214 3676 ASPI32 - ok
13:24:18.0240 3676 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:24:18.0242 3676 AsyncMac - ok
13:24:18.0261 3676 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys
13:24:18.0262 3676 atapi - ok
13:24:18.0326 3676 [ 6523130BB523083D16C23630ADD54BF9 ] athr C:\Windows\system32\DRIVERS\athrx.sys
13:24:18.0338 3676 athr - ok
13:24:18.0404 3676 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:24:18.0409 3676 AudioEndpointBuilder - ok
13:24:18.0421 3676 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:24:18.0426 3676 AudioSrv - ok
13:24:18.0500 3676 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
13:24:18.0510 3676 BFE - ok
13:24:18.0542 3676 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:24:18.0544 3676 blbdrive - ok
13:24:18.0634 3676 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:24:18.0638 3676 Bonjour Service - ok
13:24:18.0680 3676 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:24:18.0681 3676 bowser - ok
13:24:18.0714 3676 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:24:18.0716 3676 BrFiltLo - ok
13:24:18.0723 3676 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:24:18.0725 3676 BrFiltUp - ok
13:24:18.0767 3676 [ 71142FA02068CB93C9319417737C915D ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
13:24:18.0771 3676 Bridge - ok
13:24:18.0778 3676 [ 71142FA02068CB93C9319417737C915D ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:24:18.0780 3676 BridgeMP - ok
13:24:18.0827 3676 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
13:24:18.0830 3676 Browser - ok
13:24:18.0855 3676 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
13:24:18.0858 3676 Brserid - ok
13:24:18.0876 3676 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:24:18.0878 3676 BrSerWdm - ok
13:24:18.0916 3676 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:24:18.0918 3676 BrUsbMdm - ok
13:24:18.0939 3676 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:24:18.0940 3676 BrUsbSer - ok
13:24:18.0964 3676 [ 86F46C41F773DA5A4A1D221C9201E3B8 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
13:24:18.0965 3676 BthEnum - ok
13:24:18.0991 3676 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:24:18.0993 3676 BTHMODEM - ok
13:24:19.0017 3676 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:24:19.0020 3676 BthPan - ok
13:24:19.0044 3676 [ E76F40C8DFFD33B6F142DE90D3CABB73 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
13:24:19.0050 3676 BTHPORT - ok
13:24:19.0089 3676 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
13:24:19.0091 3676 BthServ - ok
13:24:19.0100 3676 [ CD52602D1884C6867269BABCB67849C5 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
13:24:19.0102 3676 BTHUSB - ok
13:24:19.0129 3676 [ 52833836D889E1E36F79F4CE975AE8DE ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
13:24:19.0129 3676 btwaudio - ok
13:24:19.0149 3676 [ 124F5E01803D89332E956C25681395B9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
13:24:19.0151 3676 btwavdt - ok
13:24:19.0161 3676 [ 398F9EFFE659BB79E73259153A884261 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
13:24:19.0162 3676 btwl2cap - ok
13:24:19.0181 3676 [ FF7717CF84333CBA4287AC6FE423B385 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
13:24:19.0181 3676 btwrchid - ok
13:24:19.0239 3676 [ C25362669072F6AA8D4C3415D8B30B7A ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
13:24:19.0242 3676 CAXHWAZL - ok
13:24:19.0270 3676 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:24:19.0272 3676 cdfs - ok
13:24:19.0320 3676 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:24:19.0323 3676 cdrom - ok
13:24:19.0364 3676 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
13:24:19.0365 3676 CertPropSvc - ok
13:24:19.0388 3676 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
13:24:19.0390 3676 circlass - ok
13:24:19.0441 3676 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
13:24:19.0448 3676 CLFS - ok
13:24:19.0499 3676 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:24:19.0500 3676 clr_optimization_v2.0.50727_32 - ok
13:24:19.0569 3676 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:24:19.0571 3676 clr_optimization_v2.0.50727_64 - ok
13:24:19.0659 3676 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:24:19.0663 3676 clr_optimization_v4.0.30319_32 - ok
13:24:19.0754 3676 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:24:19.0757 3676 clr_optimization_v4.0.30319_64 - ok
13:24:19.0793 3676 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:24:19.0794 3676 CmBatt - ok
13:24:19.0823 3676 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:24:19.0825 3676 cmdide - ok
13:24:19.0866 3676 [ 73B6990CB91D0B249CB104B7DAC1E4A3 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
13:24:19.0870 3676 CnxtHdAudService - ok
13:24:19.0884 3676 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:24:19.0885 3676 Compbatt - ok
13:24:19.0908 3676 COMSysApp - ok
13:24:19.0920 3676 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:24:19.0921 3676 crcdisk - ok
13:24:19.0973 3676 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:24:19.0977 3676 CryptSvc - ok
13:24:20.0041 3676 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:24:20.0050 3676 DcomLaunch - ok
13:24:20.0083 3676 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:24:20.0084 3676 DfsC - ok
13:24:20.0217 3676 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
13:24:20.0247 3676 DFSR - ok
13:24:20.0310 3676 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:24:20.0313 3676 Dhcp - ok
13:24:20.0345 3676 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
13:24:20.0346 3676 disk - ok
13:24:20.0384 3676 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:24:20.0386 3676 Dnscache - ok
13:24:20.0434 3676 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
13:24:20.0436 3676 dot3svc - ok
13:24:20.0472 3676 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
13:24:20.0474 3676 DPS - ok
13:24:20.0505 3676 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:24:20.0506 3676 drmkaud - ok
13:24:20.0559 3676 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:24:20.0565 3676 DXGKrnl - ok
13:24:20.0600 3676 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
13:24:20.0603 3676 E1G60 - ok
13:24:20.0640 3676 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
13:24:20.0642 3676 EapHost - ok
13:24:20.0681 3676 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
13:24:20.0682 3676 Ecache - ok
13:24:20.0731 3676 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:24:20.0738 3676 ehRecvr - ok
13:24:20.0757 3676 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
13:24:20.0760 3676 ehSched - ok
13:24:20.0779 3676 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
13:24:20.0780 3676 ehstart - ok
13:24:20.0831 3676 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:24:20.0839 3676 elxstor - ok
13:24:20.0899 3676 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:24:20.0903 3676 EMDMgmt - ok
13:24:20.0930 3676 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:24:20.0931 3676 ErrDev - ok
13:24:21.0017 3676 [ 4D06D9A26227AC485305133916888DF1 ] ETService C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
13:24:21.0018 3676 ETService - ok
13:24:21.0074 3676 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
13:24:21.0082 3676 EventSystem - ok
13:24:21.0108 3676 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
13:24:21.0112 3676 exfat - ok
13:24:21.0148 3676 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:24:21.0153 3676 fastfat - ok
13:24:21.0194 3676 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:24:21.0195 3676 fdc - ok
13:24:21.0227 3676 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
13:24:21.0228 3676 fdPHost - ok
13:24:21.0248 3676 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
13:24:21.0250 3676 FDResPub - ok
13:24:21.0265 3676 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:24:21.0267 3676 FileInfo - ok
13:24:21.0280 3676 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:24:21.0281 3676 Filetrace - ok
13:24:21.0290 3676 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:24:21.0292 3676 flpydisk - ok
13:24:21.0342 3676 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:24:21.0348 3676 FltMgr - ok
13:24:21.0443 3676 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
13:24:21.0467 3676 FontCache - ok
13:24:21.0534 3676 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:24:21.0535 3676 FontCache3.0.0.0 - ok
13:24:21.0573 3676 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:24:21.0575 3676 Fs_Rec - ok
13:24:21.0613 3676 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:24:21.0616 3676 gagp30kx - ok
13:24:21.0624 3676 GameConsoleService - ok
13:24:21.0664 3676 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:24:21.0665 3676 GEARAspiWDM - ok
13:24:21.0698 3676 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
13:24:21.0708 3676 gpsvc - ok
13:24:21.0735 3676 gupdate - ok
13:24:21.0752 3676 gusvc - ok
13:24:21.0802 3676 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:24:21.0809 3676 HdAudAddService - ok
13:24:21.0870 3676 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:24:21.0887 3676 HDAudBus - ok
13:24:21.0917 3676 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:24:21.0919 3676 HidBth - ok
13:24:21.0930 3676 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
13:24:21.0932 3676 HidIr - ok
13:24:21.0984 3676 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
13:24:21.0986 3676 hidserv - ok
13:24:22.0018 3676 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:24:22.0019 3676 HidUsb - ok
13:24:22.0053 3676 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
13:24:22.0056 3676 hkmsvc - ok
13:24:22.0097 3676 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:24:22.0099 3676 HpCISSs - ok
13:24:22.0148 3676 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:24:22.0153 3676 HSFHWAZL - ok
13:24:22.0254 3676 [ 14492080EC1C7FF89673A98F0E6162F1 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
13:24:22.0264 3676 HsfXAudioService - ok
13:24:22.0331 3676 [ C8ECF7D2FD3F20078DFB3BD5F1E51F23 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
13:24:22.0346 3676 HSF_DPV - ok
13:24:22.0387 3676 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:24:22.0399 3676 HTTP - ok
13:24:22.0430 3676 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:24:22.0431 3676 i2omp - ok
13:24:22.0456 3676 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:24:22.0457 3676 i8042prt - ok
13:24:22.0516 3676 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:24:22.0519 3676 IAANTMON - ok
13:24:22.0595 3676 [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:24:22.0598 3676 iaStor - ok
13:24:22.0622 3676 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:24:22.0628 3676 iaStorV - ok
13:24:22.0686 3676 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:24:22.0687 3676 IDriverT - ok
13:24:22.0743 3676 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:24:22.0760 3676 idsvc - ok
13:24:23.0082 3676 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:24:23.0217 3676 igfx - ok
13:24:23.0255 3676 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:24:23.0257 3676 iirsp - ok
13:24:23.0304 3676 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
13:24:23.0315 3676 IKEEXT - ok
13:24:23.0376 3676 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
13:24:23.0377 3676 int15 - ok
13:24:23.0453 3676 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15.sys C:\ACER\Preload\Autorun\DRV\Foxconn Bluetooth BCM2045NMD\int15.sys
13:24:23.0454 3676 int15.sys - ok
13:24:23.0486 3676 [ BD37227C07179B1040A8896B9C0C146B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
13:24:23.0487 3676 IntcHdmiAddService - ok
13:24:23.0512 3676 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
13:24:23.0514 3676 intelide - ok
13:24:23.0538 3676 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:24:23.0538 3676 intelppm - ok
13:24:23.0564 3676 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:24:23.0568 3676 IPBusEnum - ok
13:24:23.0599 3676 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:24:23.0600 3676 IpFilterDriver - ok
13:24:23.0607 3676 IpInIp - ok
13:24:23.0620 3676 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:24:23.0622 3676 IPMIDRV - ok
13:24:23.0657 3676 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:24:23.0659 3676 IPNAT - ok
13:24:23.0702 3676 [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:24:23.0709 3676 iPod Service - ok
13:24:23.0761 3676 [ DD8E6843539E6CD768C84B6A9FDD086E ] iprip C:\Windows\System32\iprip.dll
13:24:23.0764 3676 iprip - ok
13:24:23.0785 3676 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:24:23.0785 3676 IRENUM - ok
13:24:23.0815 3676 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:24:23.0816 3676 isapnp - ok
13:24:23.0871 3676 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:24:23.0876 3676 iScsiPrt - ok
13:24:23.0884 3676 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:24:23.0886 3676 iteatapi - ok
13:24:23.0893 3676 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:24:23.0895 3676 iteraid - ok
13:24:23.0909 3676 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:24:23.0911 3676 kbdclass - ok
13:24:23.0932 3676 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:24:23.0933 3676 kbdhid - ok
13:24:23.0955 3676 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
13:24:23.0957 3676 KeyIso - ok
13:24:24.0003 3676 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:24:24.0008 3676 KSecDD - ok
13:24:24.0032 3676 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:24:24.0034 3676 ksthunk - ok
13:24:24.0075 3676 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
13:24:24.0083 3676 KtmRm - ok
13:24:24.0131 3676 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:24:24.0137 3676 LanmanServer - ok
13:24:24.0169 3676 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:24:24.0175 3676 LanmanWorkstation - ok
13:24:24.0215 3676 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:24:24.0216 3676 LHidFilt - ok
13:24:24.0259 3676 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:24:24.0261 3676 lltdio - ok
13:24:24.0297 3676 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:24:24.0308 3676 lltdsvc - ok
13:24:24.0321 3676 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:24:24.0332 3676 lmhosts - ok
13:24:24.0358 3676 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:24:24.0359 3676 LMouFilt - ok
13:24:24.0395 3676 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:24:24.0399 3676 LSI_FC - ok
13:24:24.0444 3676 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:24:24.0447 3676 LSI_SAS - ok
13:24:24.0462 3676 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:24:24.0466 3676 LSI_SCSI - ok
13:24:24.0484 3676 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
13:24:24.0486 3676 luafv - ok
13:24:24.0533 3676 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:24:24.0535 3676 MBAMProtector - ok
13:24:24.0602 3676 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:24:24.0607 3676 MBAMScheduler - ok
13:24:24.0640 3676 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:24:24.0647 3676 MBAMService - ok
13:24:24.0684 3676 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
13:24:24.0686 3676 mcdbus - ok
13:24:24.0719 3676 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:24:24.0723 3676 Mcx2Svc - ok
13:24:24.0750 3676 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:24:24.0752 3676 mdmxsdk - ok
13:24:24.0783 3676 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
13:24:24.0785 3676 megasas - ok
13:24:24.0824 3676 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:24:24.0833 3676 MegaSR - ok
13:24:24.0873 3676 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
13:24:24.0875 3676 MMCSS - ok
13:24:24.0909 3676 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
13:24:24.0919 3676 Modem - ok
13:24:24.0940 3676 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:24:24.0941 3676 monitor - ok
13:24:24.0959 3676 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:24:24.0961 3676 mouclass - ok
13:24:24.0985 3676 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:24:24.0986 3676 mouhid - ok
13:24:25.0001 3676 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
13:24:25.0002 3676 MountMgr - ok
13:24:25.0040 3676 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:24:25.0041 3676 MozillaMaintenance - ok
13:24:25.0115 3676 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:24:25.0117 3676 MpFilter - ok
13:24:25.0169 3676 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
13:24:25.0183 3676 mpio - ok
13:24:25.0200 3676 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:24:25.0203 3676 mpsdrv - ok
13:24:25.0267 3676 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
13:24:25.0281 3676 MpsSvc - ok
13:24:25.0308 3676 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
13:24:25.0310 3676 Mraid35x - ok
13:24:25.0344 3676 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:24:25.0346 3676 MRxDAV - ok
13:24:25.0386 3676 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:24:25.0387 3676 mrxsmb - ok
13:24:25.0425 3676 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:24:25.0430 3676 mrxsmb10 - ok
13:24:25.0466 3676 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:24:25.0467 3676 mrxsmb20 - ok
13:24:25.0492 3676 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
13:24:25.0493 3676 msahci - ok
13:24:25.0512 3676 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:24:25.0515 3676 msdsm - ok
13:24:25.0549 3676 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
13:24:25.0552 3676 MSDTC - ok
13:24:25.0582 3676 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:24:25.0583 3676 Msfs - ok
13:24:25.0606 3676 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:24:25.0607 3676 msisadrv - ok
13:24:25.0637 3676 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:24:25.0641 3676 MSiSCSI - ok
13:24:25.0648 3676 msiserver - ok
13:24:25.0680 3676 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:24:25.0681 3676 MSKSSRV - ok
13:24:25.0758 3676 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:24:25.0759 3676 MsMpSvc - ok
13:24:25.0771 3676 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:24:25.0773 3676 MSPCLOCK - ok
13:24:25.0791 3676 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:24:25.0791 3676 MSPQM - ok
13:24:25.0835 3676 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:24:25.0840 3676 MsRPC - ok
13:24:25.0870 3676 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:24:25.0871 3676 mssmbios - ok
13:24:25.0893 3676 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:24:25.0894 3676 MSTEE - ok
13:24:25.0914 3676 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
13:24:25.0915 3676 Mup - ok
13:24:25.0953 3676 [ 193047CADD22618C2E2C1005072AAC39 ] MusCAudio C:\Windows\system32\drivers\MusCAudio.sys
13:24:25.0953 3676 MusCAudio - ok
13:24:25.0995 3676 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
13:24:26.0006 3676 napagent - ok
13:24:26.0037 3676 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:24:26.0042 3676 NativeWifiP - ok
13:24:26.0107 3676 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:24:26.0114 3676 NDIS - ok
13:24:26.0142 3676 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:26.0143 3676 NdisTapi - ok
13:24:26.0160 3676 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:26.0161 3676 Ndisuio - ok
13:24:26.0197 3676 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:26.0201 3676 NdisWan - ok
13:24:26.0221 3676 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:24:26.0222 3676 NDProxy - ok
13:24:26.0237 3676 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:24:26.0240 3676 NetBIOS - ok
13:24:26.0280 3676 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
13:24:26.0285 3676 netbt - ok
13:24:26.0299 3676 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
13:24:26.0301 3676 Netlogon - ok
13:24:26.0332 3676 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
13:24:26.0341 3676 Netman - ok
13:24:26.0362 3676 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
13:24:26.0369 3676 netprofm - ok
13:24:26.0409 3676 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:24:26.0412 3676 NetTcpPortSharing - ok
13:24:26.0455 3676 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:24:26.0456 3676 nfrd960 - ok
13:24:26.0497 3676 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:24:26.0499 3676 NisDrv - ok
13:24:26.0530 3676 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:24:26.0533 3676 NisSrv - ok
13:24:26.0579 3676 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
13:24:26.0585 3676 NlaSvc - ok
13:24:26.0627 3676 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:24:26.0628 3676 Npfs - ok
13:24:26.0647 3676 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
13:24:26.0649 3676 nsi - ok
13:24:26.0682 3676 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:24:26.0684 3676 nsiproxy - ok
13:24:26.0766 3676 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:24:26.0794 3676 Ntfs - ok
13:24:26.0826 3676 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
13:24:26.0828 3676 Null - ok
13:24:26.0850 3676 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:24:26.0854 3676 nvraid - ok
13:24:26.0863 3676 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:24:26.0865 3676 nvstor - ok
13:24:26.0890 3676 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:24:26.0893 3676 nv_agp - ok
13:24:26.0899 3676 NwlnkFlt - ok
13:24:26.0910 3676 NwlnkFwd - ok
13:24:26.0980 3676 [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
13:24:26.0982 3676 o2flash - ok
13:24:27.0018 3676 [ 1FBB63BD15D25B022DC986D463F94219 ] O2MDRDR C:\Windows\system32\DRIVERS\o2mdx64.sys
13:24:27.0019 3676 O2MDRDR - ok
13:24:27.0030 3676 [ C88959545B5F598791D30314C7DB5718 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sdx64.sys
13:24:27.0031 3676 O2SDRDR - ok
13:24:27.0063 3676 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:24:27.0065 3676 ohci1394 - ok
13:24:27.0119 3676 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:24:27.0139 3676 p2pimsvc - ok
13:24:27.0161 3676 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
13:24:27.0170 3676 p2psvc - ok
13:24:27.0205 3676 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
13:24:27.0208 3676 Parport - ok
13:24:27.0243 3676 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:24:27.0244 3676 partmgr - ok
13:24:27.0281 3676 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
13:24:27.0285 3676 PcaSvc - ok
13:24:27.0318 3676 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
13:24:27.0321 3676 pci - ok
13:24:27.0344 3676 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
13:24:27.0346 3676 pciide - ok
13:24:27.0380 3676 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:24:27.0385 3676 pcmcia - ok
13:24:27.0420 3676 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:24:27.0437 3676 PEAUTH - ok
13:24:27.0464 3676 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:24:27.0466 3676 PerfHost - ok
13:24:27.0539 3676 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
13:24:27.0569 3676 pla - ok
13:24:27.0621 3676 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:24:27.0629 3676 PlugPlay - ok
13:24:27.0664 3676 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:24:27.0673 3676 PNRPAutoReg - ok
13:24:27.0699 3676 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:24:27.0707 3676 PNRPsvc - ok
13:24:27.0730 3676 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:24:27.0742 3676 PolicyAgent - ok
13:24:27.0784 3676 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:24:27.0787 3676 PptpMiniport - ok
13:24:27.0822 3676 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
13:24:27.0824 3676 Processor - ok
13:24:27.0861 3676 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
13:24:27.0866 3676 ProfSvc - ok
13:24:27.0877 3676 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
13:24:27.0878 3676 ProtectedStorage - ok
13:24:27.0913 3676 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:24:27.0916 3676 PSched - ok
13:24:27.0973 3676 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:24:28.0002 3676 ql2300 - ok
13:24:28.0029 3676 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:24:28.0032 3676 ql40xx - ok
13:24:28.0069 3676 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
13:24:28.0078 3676 QWAVE - ok
13:24:28.0091 3676 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:24:28.0093 3676 QWAVEdrv - ok
13:24:28.0107 3676 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:24:28.0109 3676 RasAcd - ok
13:24:28.0126 3676 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
13:24:28.0130 3676 RasAuto - ok
13:24:28.0169 3676 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:28.0172 3676 Rasl2tp - ok
13:24:28.0196 3676 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
13:24:28.0203 3676 RasMan - ok
13:24:28.0240 3676 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:28.0242 3676 RasPppoe - ok
13:24:28.0270 3676 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:24:28.0273 3676 RasSstp - ok
13:24:28.0311 3676 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:24:28.0317 3676 rdbss - ok
13:24:28.0350 3676 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:28.0351 3676 RDPCDD - ok
13:24:28.0396 3676 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:24:28.0402 3676 rdpdr - ok
13:24:28.0410 3676 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:24:28.0412 3676 RDPENCDD - ok
13:24:28.0449 3676 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:24:28.0455 3676 RDPWD - ok
13:24:28.0476 3676 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:24:28.0480 3676 RemoteAccess - ok
13:24:28.0540 3676 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:24:28.0546 3676 RemoteRegistry - ok
13:24:28.0574 3676 [ F228CE2F778503CECB2B27097B5B3139 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:24:28.0576 3676 RFCOMM - ok
13:24:28.0609 3676 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
13:24:28.0610 3676 RpcLocator - ok
13:24:28.0662 3676 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
13:24:28.0671 3676 RpcSs - ok
13:24:28.0707 3676 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:24:28.0710 3676 rspndr - ok
13:24:28.0756 3676 [ 34E0C414AC70A315F76C8D39F13AE991 ] RTL8187Se C:\Windows\system32\DRIVERS\RTL8187Se.sys
13:24:28.0759 3676 RTL8187Se - ok
13:24:28.0777 3676 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
13:24:28.0779 3676 SamSs - ok
13:24:28.0806 3676 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:24:28.0809 3676 sbp2port - ok
13:24:28.0839 3676 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:24:28.0844 3676 SCardSvr - ok
13:24:28.0900 3676 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
13:24:28.0909 3676 Schedule - ok
13:24:28.0941 3676 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:24:28.0942 3676 SCPolicySvc - ok
13:24:28.0987 3676 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
13:24:28.0989 3676 sdbus - ok
13:24:29.0030 3676 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:24:29.0035 3676 SDRSVC - ok
13:24:29.0047 3676 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:24:29.0049 3676 secdrv - ok
13:24:29.0072 3676 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
13:24:29.0074 3676 seclogon - ok
13:24:29.0097 3676 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
13:24:29.0101 3676 SENS - ok
13:24:29.0126 3676 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
13:24:29.0127 3676 Serenum - ok
13:24:29.0149 3676 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
13:24:29.0153 3676 Serial - ok
13:24:29.0172 3676 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:24:29.0174 3676 sermouse - ok
13:24:29.0219 3676 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
13:24:29.0223 3676 SessionEnv - ok
13:24:29.0248 3676 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:24:29.0250 3676 sffdisk - ok
13:24:29.0270 3676 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:24:29.0271 3676 sffp_mmc - ok
13:24:29.0286 3676 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:24:29.0288 3676 sffp_sd - ok
13:24:29.0308 3676 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:24:29.0309 3676 sfloppy - ok
13:24:29.0362 3676 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:24:29.0371 3676 ShellHWDetection - ok
13:24:29.0391 3676 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:24:29.0393 3676 SiSRaid2 - ok
13:24:29.0418 3676 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:24:29.0420 3676 SiSRaid4 - ok
13:24:29.0528 3676 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
13:24:29.0555 3676 slsvc - ok
13:24:29.0592 3676 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:24:29.0596 3676 SLUINotify - ok
13:24:29.0637 3676 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:24:29.0640 3676 Smb - ok
13:24:29.0675 3676 [ 8905A4C99131441334E957CA540C076A ] SNMP C:\Windows\System32\snmp.exe
13:24:29.0678 3676 SNMP - ok
13:24:29.0708 3676 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:24:29.0711 3676 SNMPTRAP - ok
13:24:29.0746 3676 [ BBE1769FECCF844C4ACFD86929B61F6E ] SoundMovieServer C:\Windows\SysWOW64\snmvtsvc.exe
13:24:29.0749 3676 SoundMovieServer - ok
13:24:29.0790 3676 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
13:24:29.0790 3676 spldr - ok
13:24:29.0830 3676 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
13:24:29.0835 3676 Spooler - ok
13:24:29.0876 3676 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
13:24:29.0880 3676 srv - ok
13:24:29.0917 3676 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:24:29.0919 3676 srv2 - ok
13:24:29.0936 3676 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:24:29.0938 3676 srvnet - ok
13:24:29.0978 3676 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:24:29.0981 3676 SSDPSRV - ok
13:24:30.0020 3676 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:24:30.0024 3676 SstpSvc - ok
13:24:30.0067 3676 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
13:24:30.0081 3676 stisvc - ok
13:24:30.0106 3676 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:24:30.0108 3676 swenum - ok
13:24:30.0136 3676 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
13:24:30.0148 3676 swprv - ok
13:24:30.0162 3676 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:24:30.0164 3676 Symc8xx - ok
13:24:30.0174 3676 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:24:30.0176 3676 Sym_hi - ok
13:24:30.0186 3676 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:24:30.0188 3676 Sym_u3 - ok
13:24:30.0220 3676 [ D9B5FE44B394C587BCE3CF9FA369AC64 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:24:30.0224 3676 SynTP - ok
13:24:30.0282 3676 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
13:24:30.0300 3676 SysMain - ok
13:24:30.0331 3676 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:24:30.0335 3676 TabletInputService - ok
13:24:30.0379 3676 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:24:30.0390 3676 TapiSrv - ok
13:24:30.0421 3676 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
13:24:30.0424 3676 TBS - ok
13:24:30.0489 3676 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:24:30.0501 3676 Tcpip - ok
13:24:30.0539 3676 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:24:30.0552 3676 Tcpip6 - ok
13:24:30.0589 3676 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:24:30.0590 3676 tcpipreg - ok
13:24:30.0621 3676 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:24:30.0622 3676 TDPIPE - ok
13:24:30.0650 3676 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:24:30.0652 3676 TDTCP - ok
13:24:30.0687 3676 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:24:30.0690 3676 tdx - ok
13:24:30.0700 3676 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:24:30.0702 3676 TermDD - ok
13:24:30.0756 3676 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
13:24:30.0770 3676 TermService - ok
13:24:30.0795 3676 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
13:24:30.0801 3676 Themes - ok
13:24:30.0817 3676 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
13:24:30.0819 3676 THREADORDER - ok
13:24:30.0856 3676 [ 5F97EE54EA57AE6B857D71313D09F672 ] TlntSvr C:\Windows\System32\tlntsvr.exe
13:24:30.0859 3676 TlntSvr - ok
13:24:30.0890 3676 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
13:24:30.0895 3676 TrkWks - ok
13:24:30.0945 3676 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:24:30.0946 3676 TrustedInstaller - ok
13:24:30.0977 3676 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:24:30.0978 3676 tssecsrv - ok
13:24:31.0001 3676 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:24:31.0003 3676 tunmp - ok
13:24:31.0037 3676 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:24:31.0038 3676 tunnel - ok
13:24:31.0047 3676 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:24:31.0050 3676 uagp35 - ok
13:24:31.0083 3676 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:24:31.0090 3676 udfs - ok
13:24:31.0128 3676 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:24:31.0130 3676 UI0Detect - ok
13:24:31.0163 3676 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:24:31.0166 3676 uliagpkx - ok
13:24:31.0180 3676 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:24:31.0187 3676 uliahci - ok
13:24:31.0197 3676 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:24:31.0202 3676 UlSata - ok
13:24:31.0217 3676 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:24:31.0222 3676 ulsata2 - ok
13:24:31.0247 3676 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:24:31.0249 3676 umbus - ok
13:24:31.0277 3676 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
13:24:31.0282 3676 upnphost - ok
13:24:31.0314 3676 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:24:31.0316 3676 USBAAPL64 - ok
13:24:31.0348 3676 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:24:31.0351 3676 usbccgp - ok
13:24:31.0370 3676 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:24:31.0373 3676 usbcir - ok
13:24:31.0420 3676 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:24:31.0422 3676 usbehci - ok
13:24:31.0463 3676 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:24:31.0470 3676 usbhub - ok
13:24:31.0513 3676 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:24:31.0515 3676 usbohci - ok
13:24:31.0524 3676 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
13:24:31.0527 3676 usbprint - ok
13:24:31.0552 3676 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:24:31.0554 3676 USBSTOR - ok
13:24:31.0571 3676 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:24:31.0573 3676 usbuhci - ok
13:24:31.0596 3676 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:24:31.0601 3676 usbvideo - ok
13:24:31.0624 3676 [ FA3CA291F80EE13A1AC210492A7DFBB9 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
13:24:31.0625 3676 UVCFTR - ok
13:24:31.0658 3676 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
13:24:31.0661 3676 UxSms - ok
13:24:31.0711 3676 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
13:24:31.0723 3676 vds - ok
13:24:31.0754 3676 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:24:31.0756 3676 vga - ok
13:24:31.0776 3676 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:24:31.0778 3676 VgaSave - ok
13:24:31.0800 3676 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
13:24:31.0802 3676 viaide - ok
13:24:31.0811 3676 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:24:31.0813 3676 volmgr - ok
13:24:31.0860 3676 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:24:31.0867 3676 volmgrx - ok
13:24:31.0915 3676 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:24:31.0921 3676 volsnap - ok
13:24:31.0961 3676 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:24:31.0965 3676 vsmraid - ok
13:24:32.0027 3676 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
13:24:32.0057 3676 VSS - ok
13:24:32.0101 3676 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
13:24:32.0111 3676 W32Time - ok
13:24:32.0169 3676 [ 1ED89751BBC0B2A050B6367A613C1C51 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
13:24:32.0178 3676 W3SVC - ok
13:24:32.0205 3676 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:24:32.0208 3676 WacomPen - ok
13:24:32.0253 3676 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:24:32.0256 3676 Wanarp - ok
13:24:32.0263 3676 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:24:32.0264 3676 Wanarpv6 - ok
13:24:32.0282 3676 [ 1ED89751BBC0B2A050B6367A613C1C51 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
13:24:32.0286 3676 WAS - ok
13:24:32.0332 3676 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:24:32.0345 3676 wcncsvc - ok
13:24:32.0377 3676 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:24:32.0380 3676 WcsPlugInService - ok
13:24:32.0413 3676 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
13:24:32.0414 3676 Wd - ok
13:24:32.0451 3676 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:24:32.0471 3676 Wdf01000 - ok
13:24:32.0496 3676 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:24:32.0500 3676 WdiServiceHost - ok
13:24:32.0506 3676 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:24:32.0509 3676 WdiSystemHost - ok
13:24:32.0536 3676 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
13:24:32.0543 3676 WebClient - ok
13:24:32.0579 3676 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:24:32.0586 3676 Wecsvc - ok
13:24:32.0612 3676 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:24:32.0617 3676 wercplsupport - ok
13:24:32.0640 3676 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
13:24:32.0646 3676 WerSvc - ok
13:24:32.0684 3676 [ 40EFEE2FD560EB0438F3AEBD5BF751B4 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
13:24:32.0690 3676 winachsf - ok
13:24:32.0699 3676 WinHttpAutoProxySvc - ok
13:24:32.0769 3676 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:24:32.0774 3676 Winmgmt - ok
13:24:32.0855 3676 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
13:24:32.0898 3676 WinRM - ok
13:24:32.0959 3676 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:24:32.0974 3676 Wlansvc - ok
13:24:33.0103 3676 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:24:33.0119 3676 wlidsvc - ok
13:24:33.0150 3676 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:24:33.0151 3676 WmiAcpi - ok
13:24:33.0198 3676 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:24:33.0204 3676 wmiApSrv - ok
13:24:33.0236 3676 WMPNetworkSvc - ok
13:24:33.0257 3676 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:24:33.0263 3676 WPCSvc - ok
13:24:33.0269 3676 WPDBusEnum - ok
13:24:33.0311 3676 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:24:33.0312 3676 WpdUsb - ok
13:24:33.0465 3676 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:24:33.0474 3676 WPFFontCache_v0400 - ok
13:24:33.0509 3676 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:24:33.0511 3676 ws2ifsl - ok
13:24:33.0550 3676 WSearch - ok
13:24:33.0578 3676 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:24:33.0581 3676 WUDFRd - ok
13:24:33.0614 3676 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:24:33.0618 3676 wudfsvc - ok
13:24:33.0654 3676 [ C22B223CC6D58E921D78E173172F66F5 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
13:24:33.0654 3676 XAudio - ok
13:24:33.0696 3676 [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
13:24:33.0700 3676 XAudioService - ok
13:24:33.0733 3676 [ BE950BFF950AE6B22A9EE80BCE55CC3A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
13:24:33.0737 3676 yukonx64 - ok
13:24:33.0764 3676 ================ Scan global ===============================
13:24:33.0787 3676 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:24:33.0831 3676 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:24:33.0855 3676 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
13:24:33.0900 3676 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
13:24:33.0906 3676 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
13:24:33.0907 3676 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
13:24:33.0907 3676 ================ Scan MBR ==================================
13:24:33.0933 3676 [ 2D38F4A50470B53943A7DBD02E402E47 ] \Device\Harddisk0\DR0
13:24:36.0982 3676 \Device\Harddisk0\DR0 - ok
13:24:36.0983 3676 ================ Scan VBR ==================================
13:24:36.0987 3676 [ 6BAA39F01C2B7433BAFC692E77CD743D ] \Device\Harddisk0\DR0\Partition1
13:24:36.0989 3676 \Device\Harddisk0\DR0\Partition1 - ok
13:24:37.0017 3676 [ D84BA68FB1BDD87630BADB3C0498C839 ] \Device\Harddisk0\DR0\Partition2
13:24:37.0020 3676 \Device\Harddisk0\DR0\Partition2 - ok
13:24:37.0021 3676 ============================================================
13:24:37.0021 3676 Scan finished
13:24:37.0021 3676 ============================================================
13:24:37.0037 2892 Detected object count: 1
13:24:37.0037 2892 Actual detected object count: 1
13:24:55.0528 2892 C:\Windows\system32\services.exe - copied to quarantine
13:24:56.0893 2892 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
13:24:56.0895 2892 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
13:25:25.0425 2892 Backup copy not found, trying to cure infected file..
13:25:25.0426 2892 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
13:25:25.0426 2892 C:\Windows\system32\services.exe - processing error
13:25:25.0426 2892 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
13:25:48.0200 0804 Deinitialize success

I also tried HitmanPro.
Here is the log for that:

Size . . . . . . . : 4,608 bytes
Age . . . . . . . : 3.1 days (2012-10-16 01:05:59)
Entropy . . . . . : 3.9
SHA-256 . . . . . : 5DED64AE56E33350D1FB80A8155EE7917BFDEC1A379C8742397EC6ECB0726BE0
> G Data . . . . . . : Trojan.Generic.7798618 (Engine A)
> DrWeb . . . . . . : BackDoor.Maxplus.90
> Ikarus . . . . . . : Backdoor.Win32.ZAccess!IK
Fuzzy . . . . . . : 114.0

C:\Windows\assembly\GAC_64\Desktop.ini
Size . . . . . . . : 6,144 bytes
Age . . . . . . . : 3.1 days (2012-10-16 01:05:59)
Entropy . . . . . : 3.4
SHA-256 . . . . . : D7B6D7016157EF1606125F1DD15DB95A3973CCEF7C1D05F961A5F867751B872E
> G Data . . . . . . : Trojan.Generic.7713809 (Engine A)
> DrWeb . . . . . . : BackDoor.Maxplus.90
> Ikarus . . . . . . : Trojan.Win64!IK
Fuzzy . . . . . . : 111.0

C:\Windows\system32\services.exe
Size . . . . . . . : 381,952 bytes
Age . . . . . . . : 1153.9 days (2009-08-22 04:09:12)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 03E4D4E5F4337C44F3CB2C2CB943E0984679A51F05760E90C9C3B46A47AED659
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Services and Controller app
Version . . . . . : 6.0.6002.18005
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Running processes : 684
> G Data . . . . . . : Trojan.Patched.Sirefef.A (Engine A)
> Ikarus . . . . . . : Virus.Win64!IK
Fuzzy . . . . . . : 172.0
One or more antivirus vendors have indicated that the file is malicious.
Has TLS callback code that executes before the process starts. This is an indication of malware infection.
Address Space Layout Randomization (ASLR) capability is stripped from this system file. This is an indication of malware infection.
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Program is running but currently exposes no human-computer interface (GUI).
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

I will post other logs later.
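The HitmanPro entry for services.exe above scores a set of static indicators: a TLS callback, ASLR stripped from a system file, code inside the .reloc section, and elevated entropy. The Python below is an added example, not HitmanPro's, TDSSKiller's or the poster's code. It parses the relevant PE header fields with the standard library only and reports those four indicators for any PE image handed to it. For an offline run it builds a small 64-bit PE in memory with build_sample_pe(), so every name, value and threshold in it (including the 7.0 entropy cut-off) is an assumption made for the demonstration, not data from this thread.

```python
"""Static PE triage mirroring the HitmanPro indicators quoted above (added example)."""
import math
import struct
from collections import Counter

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set when the image opts in to ASLR
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_READ = 0x40000000
DIR_BASERELOC, DIR_TLS = 5, 9                  # data-directory indices
ENTROPY_PACKED_THRESHOLD = 7.0                 # assumed cut-off, not HitmanPro's value


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_pe(data: bytes) -> dict:
    """Walk DOS -> COFF -> optional header -> section table and return the indicators."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs_off = opt + (108 if pe32plus else 92)             # NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, ndirs_off + 4 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + size_opt + 40 * i)
        sections.append((fields[0].rstrip(b"\0").decode("ascii", "replace"), fields[9]))
    reloc_is_code = any(name == ".reloc" and chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)
                        for name, chars in sections)
    entropy = shannon_entropy(data)
    return {
        "has_tls_directory": len(dirs) > DIR_TLS and dirs[DIR_TLS][0] != 0,
        "aslr_stripped": not (dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "reloc_section_has_code": bool(reloc_is_code),
        "entropy": round(entropy, 2),
        "looks_packed": entropy > ENTROPY_PACKED_THRESHOLD,
    }


def build_sample_pe(tls: bool, aslr: bool, reloc_code: bool) -> bytes:
    """Construct a minimal 64-bit PE image in memory (a made-up sample, not a real binary)."""
    text_va, reloc_va, hdr_size = 0x1000, 0x2000, 0x200
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0022)      # AMD64, 2 sections, EXE
    dll_chars = 0x0100 | (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE if aslr else 0)  # NX_COMPAT (+ASLR)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0x200, 0x200, 0, text_va, text_va, 0x140000000,
                      0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, hdr_size, 0, 3, dll_chars,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[DIR_BASERELOC] = (reloc_va, 8)
    if tls:
        dirs[DIR_TLS] = (text_va + 0x40, 40)                             # IMAGE_TLS_DIRECTORY64
    dir_bytes = b"".join(struct.pack("<II", *d) for d in dirs)

    def section(name, va, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, raw_ptr, 0, 0, 0, 0, chars)

    text_chars = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    reloc_chars = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    if reloc_code:                                                       # the anomaly HitmanPro flags
        reloc_chars |= IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
    headers = (bytes(dos) + b"PE\0\0" + coff + opt + dir_bytes
               + section(b".text", text_va, hdr_size, text_chars)
               + section(b".reloc", reloc_va, hdr_size + 0x200, reloc_chars)).ljust(hdr_size, b"\0")
    text = b"\x48\x31\xc0\xc3" * 128                                     # xor rax,rax ; ret
    reloc = struct.pack("<II", text_va, 8).ljust(0x200, b"\0")           # one empty relocation block
    return headers + text + reloc


if __name__ == "__main__":
    for label, kw in (("patched-looking", dict(tls=True, aslr=False, reloc_code=True)),
                      ("clean-looking", dict(tls=False, aslr=True, reloc_code=False))):
        print(label, triage_pe(build_sample_pe(**kw)))
```

None of these indicators is proof on its own (legitimate binaries use TLS, and plenty of old software ships without ASLR); their weight comes from appearing together on a file that is supposed to be a signed, protected Windows component. The decisive check for a system file like services.exe remains comparing its hash with a known-good copy of the same version, which is what the TDSSKiller "Backup copy not found, trying to cure" line above is reaching for.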


#2 ak_907
  • Topic Starter
  • Members
  • 17 posts

Posted 19 October 2012 - 05:55 PM

aswMBR LOG

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-19 13:27:06
-----------------------------
13:27:06.920 OS Version: Windows x64 6.0.6002 Service Pack 2
13:27:06.922 Number of processors: 2 586 0xF0D
13:27:06.923 ComputerName: MY-PC UserName: I
13:27:07.926 Initialize success
14:12:35.227 AVAST engine defs: 12101901
14:14:39.535 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:14:39.539 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
14:14:39.554 Disk 0 MBR read successfully
14:14:39.557 Disk 0 MBR scan
14:14:39.563 Disk 0 unknown MBR code
14:14:39.570 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
14:14:39.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114116 MB offset 20973568
14:14:39.616 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114117 MB offset 254683136
14:14:39.647 Disk 0 scanning C:\Windows\system32\drivers
14:14:50.517 Service scanning
14:15:19.204 Modules scanning
14:15:19.215 Disk 0 trace - called modules:
14:15:19.240 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
14:15:19.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006669790]
14:15:19.600 3 CLASSPNP.SYS[fffffa60011cfc33] -> nt!IofCallDriver -> [0xfffffa8004bda5c0]
14:15:19.607 5 acpi.sys[fffffa60008f4fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80053a9050]
14:15:20.631 AVAST engine scan C:\Windows
14:15:25.208 AVAST engine scan C:\Windows\system32
14:17:53.714 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:17:57.165 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:19:37.662 AVAST engine scan C:\Windows\system32\drivers
14:19:56.263 AVAST engine scan C:\Users\I
14:49:00.604 AVAST engine scan C:\ProgramData
14:52:22.487 Scan finished successfully
14:54:05.905 Disk 0 MBR has been saved successfully to "C:\Users\I\Desktop\MBR.dat"
14:54:05.919 The log file has been saved successfully to "C:\Users\I\Desktop\aswMBR.txt"

#3 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 October 2012 - 05:59 PM

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.


Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it, click on Delete.

A log should be generated after the scan, post it here.

Download

Junkware Removal Tool

For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

#4 ak_907

  • Topic Starter
  • Members
  • 17 posts
  • Local time:04:01 PM

Posted 19 October 2012 - 09:24 PM

ESET online scanner LOG

C:\TDSSKiller_Quarantine\17.10.2012_22.36.15\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.10.2012_22.36.15\zasubsys0001\zafs0000\tsk0010.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.10.2012_22.42.00\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A trojan deleted - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.10.2012_06.27.31\zasubsys0000\zafs0000\tsk0010.dta Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.10.2012_13.23.43\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A trojan deleted - quarantined
C:\TDSSKiller_Quarantine\19.10.2012_13.23.43\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.10.2012_13.23.43\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\assembly\GAC_32\Desktop.ini Win32/Sirefef.EZ trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZIOJR9M6\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined

#5 ak_907

  • Topic Starter
  • Members
  • 17 posts
  • Local time:04:01 PM

Posted 19 October 2012 - 10:45 PM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
I :: MY-PC [administrator]

Protection: Disabled

10/19/2012 6:34:08 PM
mbam-log-2012-10-19 (18-34-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 423290
Time elapsed: 1 hour(s), 1 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 ak_907

  • Topic Starter
  • Members
  • 17 posts
  • Local time:04:01 PM

Posted 19 October 2012 - 10:52 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by I (administrator) on 19-10-2012 at 19:47:17
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5B91 Wireless Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : My-PC
Primary Dns Suffix . . . . . . . : Snowdog
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Snowdog
Belkin
System Quarantine State . . . . . : Not Restricted


Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-E0-B8-FC-E6-DD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Atheros AR5B91 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-22-69-89-F5-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::74d0:f670:56da:3b5f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, October 19, 2012 2:46:15 AM
Lease Expires . . . . . . . . . . : Tuesday, November 26, 2148 2:15:41 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 167780969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-5B-2C-6C-00-22-69-89-F5-37
DNS Servers . . . . . . . . . . . : 192.168.2.1
10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C837BC1B-FF9C-4C37-84F2-30CC27689E51}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.Belkin
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [173.194.33.5] with 32 bytes of data:

Reply from 173.194.33.5: bytes=32 time=67ms TTL=51

Reply from 173.194.33.5: bytes=32 time=60ms TTL=51



Ping statistics for 173.194.33.5:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 67ms, Average = 63ms



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=134ms TTL=44

Reply from 98.139.183.24: bytes=32 time=147ms TTL=44



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 134ms, Maximum = 147ms, Average = 140ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 e0 b8 fc e6 dd ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
11 ...00 22 69 89 f5 37 ...... Atheros AR5B91 Wireless Network Adapter
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 isatap.{C837BC1B-FF9C-4C37-84F2-30CC27689E51}
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
21 ...00 00 00 00 00 00 00 e0 isatap.Belkin
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 281
192.168.2.2 255.255.255.255 On-link 192.168.2.2 281
192.168.2.255 255.255.255.255 On-link 192.168.2.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::74d0:f670:56da:3b5f/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 07 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/19/2012 07:48:31 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x11e4, application start time 0xnslookup.exe0.

Error: (10/19/2012 07:48:23 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0xf78, application start time 0xnslookup.exe0.

Error: (10/19/2012 07:48:06 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0xd80, application start time 0xnslookup.exe0.

Error: (10/19/2012 02:56:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/19/2012 02:56:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/19/2012 03:20:03 AM) (Source: MsiInstaller) (User: MY-PC)MY-PC
Description: Product: oRipa Yahoo Webcam Recorder1.2.2 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _8BC0FC1F_7455_4768_BFC0_6B21072B3779, location: C:\Program Files (x86)\EjoyStudio\oRipa Yahoo Webcam Recorder1.2.2\files\UnRegKeys.exe, command: /Uninstall

Error: (10/19/2012 03:19:40 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service WPDBusEnum since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/19/2012 02:45:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 02:44:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/19/2012 02:25:39 AM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Descripton = ; Hr = 0x80070057).


System errors:
=============
Error: (10/19/2012 06:37:43 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 08:12:44 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 08:11:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 08:11:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 08:11:02 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 06:03:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 04:48:01 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (10/19/2012 03:58:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 03:56:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (10/19/2012 03:56:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (10/19/2012 07:48:31 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f11e401cdae75c42c333b

Error: (10/19/2012 07:48:23 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52ff7801cdae75bf51575b

Error: (10/19/2012 07:48:06 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52fd8001cdae759f11350b

Error: (10/19/2012 02:56:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\I\Desktop\03 esetsmart installer_enu.exe

Error: (10/19/2012 02:56:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\I\Desktop\03 esetsmart installer_enu.exe

Error: (10/19/2012 03:20:03 AM) (Source: MsiInstaller)(User: MY-PC)MY-PC
Description: Product: oRipa Yahoo Webcam Recorder1.2.2 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: _8BC0FC1F_7455_4768_BFC0_6B21072B3779, location: C:\Program Files (x86)\EjoyStudio\oRipa Yahoo Webcam Recorder1.2.2\files\UnRegKeys.exe, command: /Uninstall (NULL)(NULL)(NULL)(NULL)

Error: (10/19/2012 03:19:40 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service WPDBusEnum since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/19/2012 02:45:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2012 02:44:58 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\I\Desktop\03 esetsmart installer_enu.exe

Error: (10/19/2012 02:25:39 AM) (Source: System Restore)(User: )
Description: C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" 0x80070057


=========================== Installed Programs ============================

Apple Mobile Device Support (Version: 5.2.0.6)
Bonjour (Version: 3.0.0.10)
Conexant HD Audio (Version: 4.75.0.0)
DNA (Version: 2.2.4 (16502))
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.2.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.1.2.17)
Marvell Miniport Driver (Version: 10.55.3.3)
Marvell® Wireless Card Software Package (Version: 2.0.32.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
O2Micro Flash Memory Card Reader Driver (x64) (Version: 3.24)
Synaptics Pointing Device Driver (Version: 9.2.3.0)
WIDCOMM Bluetooth Software 6.1.0.2200 (Version: 6.1.0.2200)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 4024 MB
Available physical RAM: 1548.21 MB
Total Pagefile: 16141.98 MB
Available Pagefile: 13789.88 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.34 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:111.44 GB) (Free:5.42 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:111.44 GB) (Free:1.34 GB) NTFS

========================= Users: ========================================

User accounts for \\MY-PC

Administrator Guest I

========================= Restore Points ==================================


**** End of log ****

There was some program that was not working during this scan, as you can see in the log.
I kept getting some popups.

#7 ak_907

  • Topic Starter
  • Members
  • 17 posts
  • Local time:04:01 PM

Posted 19 October 2012 - 10:55 PM

Farbar Service Scanner Version: 07-10-2012
Ran by I (administrator) on 19-10-2012 at 19:54:06
Running from "C:\Users\I\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-08-22 04:08] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-04-14 04:31] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-07-20 05:01] - [2012-03-30 04:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-12-15 21:20] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-08-22 04:08] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-08-22 04:09] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-08-22 04:07] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-08-22 04:08] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-07-20 05:02] - [2012-04-23 08:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#8 ak_907 (Topic Starter)

Posted 19 October 2012 - 11:22 PM

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 19:57:06
# Updated 14/10/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : I - MY-PC
# Boot Mode : Normal
# Running from : C:\Users\I\Desktop\06 adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\I\AppData\Roaming\Mozilla\Firefox\Profiles\c7h4jw86.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S3].txt - [691 octets] - [19/10/2012 19:57:06]

########## EOF - C:\AdwCleaner[S3].txt - [750 octets] ##########

#9 ak_907 (Topic Starter)

Posted 19 October 2012 - 11:49 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.7.2 (10.17.2012)
OS: Windows ™ Vista Home Premium x64
Ran by I on Fri 10/19/2012 at 20:23:38.24
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 10/19/2012 at 20:46:17.88
End of Report

#10 narenxp (BC Advisor)

Posted 19 October 2012 - 11:50 PM

Run the services repair tool:

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log.


Download Rkill:

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the Rkill log located on the desktop here.


Download Autoruns.

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on File > Save.

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.
#11 ak_907 (Topic Starter)

Posted 20 October 2012 - 02:23 AM

System back to normal. Firewall working, and Microsoft Security Essentials also works; installed the updates I downloaded a couple of days ago.



A couple of days ago, the first time I used the ServicesRepair.exe, my computer froze; also, earlier it froze again (during the restart). I waited over 90 minutes and decided to hold the power button and restart in Safe Mode, and it worked perfectly, restarted super fast.
This services repair must have been why it never got fixed (from following your instructions in the other post).


Here is the Farbar scan:



Farbar Service Scanner Version: 07-10-2012
Ran by I (administrator) on 19-10-2012 at 23:15:13
Running from "C:\Users\I\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-08-22 04:08] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-04-14 04:31] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-07-20 05:01] - [2012-03-30 04:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-12-15 21:20] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-08-22 04:08] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-08-22 04:09] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-08-22 04:07] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-08-22 04:08] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-07-20 05:02] - [2012-04-23 08:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-08-22 04:09] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
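
The two Farbar Service Scanner logs in this thread (the earlier one, before ServicesRepair, and the one in this post, after it) are easier to compare once the ATTENTION lines, policy values and file-check results are pulled out. The parser below is an added example written for this edit, not Farbar's code: it reads the log format exactly as posted here, separating services whose registry key is gone entirely (wscsvc, wuauserv, BITS and WinDefend in the first log) from services whose key exists but lacks values (SharedAccess), and collecting policy entries and unverified file hashes. The sample input is constructed from lines copied from those logs. Two caveats for reading the output: FSS prints the date/size/MD5 detail line for any file whose hash is not in its built-in known-good list, which is a prompt to check that file, not a verdict that it is infected (every such file in these logs carries a Microsoft Corporation version string); and a DisableAntiSpyware=1 policy under the Windows Defender key is what Microsoft Security Essentials sets at install time to retire Windows Defender on Vista and 7, so with MSE present on this machine that entry in the second log is most likely MSE's doing rather than the malware's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample made of lines copied from the two FSS logs in this
# thread, trimmed to one instance of each kind of line the parser handles.
FSS_SAMPLE = r'''Farbar Service Scanner Version: 07-10-2012
Ran by I (administrator) on 19-10-2012 at 19:54:06

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-08-22 04:08] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\svchost.exe => MD5 is legit

**** End of log ****
'''

NOT_RUNNING_RE = re.compile(r"^(?P<svc>\w+) Service is not running\.")
ATTENTION_RE = re.compile(
    r"^Checking (?P<what>Start type|ImagePath|ServiceDll)(?: of (?P<svc>\w+))?: "
    r"ATTENTION!=====> (?P<msg>.*)$")
POLICY_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
POLICY_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<kind>\w+):(?P<data>\S+)$')
LEGIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")
# "[date] - [date] - size attrs (company) MD5": the detail line FSS prints
# for a file whose hash is not in its known-good list.
DETAIL_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")


@dataclass
class FssReport:
    not_running: List[str] = field(default_factory=list)            # services FSS found stopped
    missing_keys: Set[str] = field(default_factory=set)             # whole service key gone
    bad_values: List[Tuple[str, str, str]] = field(default_factory=list)   # (service, value, message)
    policies: List[Tuple[str, str, str, str]] = field(default_factory=list)  # (key, name, type, data)
    verified_files: List[str] = field(default_factory=list)         # MD5 matched FSS's list
    unverified_files: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, company, MD5)


def parse_fss(text: str) -> FssReport:
    report = FssReport()
    current_svc: Optional[str] = None   # service named by the last "is not running" line
    current_key: Optional[str] = None   # registry key of the policy block being read
    pending_path: Optional[str] = None  # file path waiting for its detail line
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            pending_path = None
            continue
        if m := NOT_RUNNING_RE.match(line):
            current_svc = m["svc"]
            report.not_running.append(current_svc)
        elif m := ATTENTION_RE.match(line):
            svc = m["svc"] or current_svc or "?"
            if "service key does not exist" in m["msg"]:
                report.missing_keys.add(svc)
            else:
                report.bad_values.append((svc, m["what"], m["msg"]))
        elif m := POLICY_KEY_RE.match(line):
            current_key = m["key"]
        elif (m := POLICY_VALUE_RE.match(line)) and current_key:
            report.policies.append((current_key, m["name"], m["kind"], m["data"]))
        elif m := LEGIT_RE.match(line):
            report.verified_files.append(m["path"])
        elif (m := DETAIL_RE.match(line)) and pending_path:
            report.unverified_files.append((pending_path, m["company"], m["md5"]))
            pending_path = None
        elif m := PATH_RE.match(line):
            pending_path = m["path"]
    return report


def needs_service_repair(report: FssReport) -> List[str]:
    """Services whose registry key or values must be recreated (e.g. by ServicesRepair)."""
    broken = set(report.missing_keys) | {svc for svc, _, _ in report.bad_values}
    return sorted(broken)


if __name__ == "__main__":
    rep = parse_fss(FSS_SAMPLE)
    print("stopped services:    ", ", ".join(rep.not_running))
    print("needs service repair:", ", ".join(needs_service_repair(rep)))
    for key, name, kind, data in rep.policies:
        print(f"policy: [{key}] {name}={kind}:{data}")
    for path, company, md5 in rep.unverified_files:
        print(f"not in FSS hash list: {path} ({company}) {md5}")
```

Feeding the first log on this page to `parse_fss()` lists wscsvc, wuauserv, BITS and WinDefend as missing keys and SharedAccess as missing values; the second log yields no broken services at all, which is the check that the repair tool did its job.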

#12 ak_907 (Topic Starter)

Posted 20 October 2012 - 02:31 AM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/19/2012 11:25:28 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\psvmon2.exe (PID: 2956) [WD-HEUR]
* C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (PID: 3884) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/19/2012 11:25:47 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)


Autoruns text log:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files (x86)\divx\divx update\divxupdate.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "MaxMenuMgr" "" "" "File not found: C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
+ "psvmon2" "" "" "c:\windows\psvmon2.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "Trigger New Acer AlaunchX" "Acer GAIA AppInRun (Acer Launch Tool Utility)" "Acer Inc." "c:\acer\preload\command\alaunchx\appinrun.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "New Acer AlaunchX" "Acer GAIA LaunchAlaunchX" "Acer Inc." "c:\acer\preload\command\alaunchx\launchalaunchx.exe"
"C:\Users\I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "desktop (2).ini" "" "" "c:\users\i\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop (2).ini"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BitTorrent" "BitTorrent" "BitTorrent, Inc." "c:\program files (x86)\bittorrent\bittorrent.exe"
+ "BitTorrent DNA" "DNA" "BitTorrent, Inc." "c:\program files (x86)\dna\btdna.exe"
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
+ "BTW Setup Wizard" "BtWizard Module" "Broadcom Corporation." "c:\windows\system32\btwizard.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "TR" "" "" "File not found: C:\Program Files (x86)\TagRename\TRshell64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "jZip" "jZip shell extension" "Discordia Limited" "c:\program files (x86)\jzip\jzipshell.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "WSE Class" "" "" "File not found: C:\Program Files (x86)\Common Files\Winferno\WSE2007.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "TR" "" "" "File not found: C:\Program Files (x86)\TagRename\TRshell64.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "WSE Class" "" "" "File not found: C:\Program Files (x86)\Common Files\Winferno\WSE2007.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\windows\system32\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "TR" "" "" "File not found: C:\Program Files (x86)\TagRename\TRshell64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files (x86)\magiciso\misosh64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "jZip" "jZip shell extension" "Discordia Limited" "c:\program files (x86)\jzip\jzipshell.dll"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
+ "WSE Class" "" "" "File not found: C:\Program Files (x86)\Common Files\Winferno\WSE2007.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Google Dictionary Compression sdch" "" "" "File not found: C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll"
+ "Google Toolbar Helper" "" "" "File not found: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll"
+ "Google Toolbar Notifier BHO" "" "" "File not found: C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "jZip Webmail plugin" "jZip Webmail plugin" "Discordia Limited" "c:\program files (x86)\jzip\webmailplugin.dll"
+ "PCCBHO.CPCCBHO" "" "" "File not found: C:\Program Files (x86)\Winferno\PC Confidential\PCCBHO.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "&Google Toolbar" "" "" "File not found: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Rip YouTube file embedded in this page" "" "" "File not found: C:\Program Files (x86)\AllMusicConverter\YouTubeRipper.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Express FilesUpdate" "" "" "File not found: C:\Program Files (x86)\ExpressFiles\EFUpdater.exe"
+ "\GoogleUpdateTaskMachineCore" "" "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"
+ "\GoogleUpdateTaskMachineUA" "" "" "File not found: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\WindowsCalendar\Reminders - I" "Windows Calendar" "Microsoft Corporation" "c:\program files\windows calendar\wincal.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\RealCreateProcessScheduledTask219482112S-1-5-21-3628880641-1483083312-1962599724-1013" "" "" "File not found: c:\program files (x86)\real\realplayer\update\realsched.exe"
+ "\RealCreateProcessScheduledTask557563S-1-5-21-3628880641-1483083312-1962599724-1013" "" "" "File not found: c:\program files (x86)\real\realplayer\update\realsched.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-3628880641-1483083312-1962599724-1013" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-3628880641-1483083312-1962599724-1000" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-3628880641-1483083312-1962599724-1013" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "ETService" "Acer Empowering Technology Service" "" "c:\program files\gateway\gateway recovery management\service\etservice.exe"
+ "GameConsoleService" "GameConsole management services" "" "File not found: C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe"
+ "HsfXAudioService" "User-mode gate for Modem Speakerphone" "Conexant Systems, Inc." "c:\windows\syswow64\xaudio64.dll"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files (x86)\intel\intel matrix storage manager\iaantmon.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "o2flash" "O2 Flash Memory Service" "O2Micro International" "c:\program files (x86)\o2micro flash memory card driver\o2flash.exe"
+ "SoundMovieServer" "SoundMovieServer" "SoundMovieServer" "c:\windows\syswow64\snmvtsvc.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WPDBusEnum" "@%SystemRoot%\system32\wpdbusenum.dll,-101" "" "File not found: C:\Windows\system32\wpdbusenum.dll"
+ "XAudioService" "User-mode gate for Modem Speakerphone" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio64.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "appliand" "APPLIAND helper driver" "Applian Technologies Inc." "c:\windows\system32\drivers\appliand.sys"
+ "appliandMP" "APPLIAND helper driver" "Applian Technologies Inc." "c:\windows\system32\drivers\appliand.sys"
+ "ASPI" "" "" "File not found: C:\Windows\System32\DRIVERS\ASPI32.sys"
+ "ASPI32" "" "" "File not found: C:\Windows\System32\Drivers\ASPI32.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "CAXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\caxhwazl.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g6032e.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\cax_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "int15" "Acer int15 service" "Acer, Inc." "c:\windows\syswow64\drivers\int15_64.sys"
+ "int15.sys" "" "" "c:\acer\preload\autorun\drv\foxconn bluetooth bcm2045nmd\int15.sys"
+ "IntcHdmiAddService" "Intel® High Definition Audio HDMI" "Intel® Corporation" "c:\windows\system32\drivers\intchdmi.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys"
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mcdbus" "MagicISO SCSI Host Controller" "MagicISO, Inc." "c:\windows\system32\drivers\mcdbus.sys"
+ "mdmxsdk" "Diagnostic Interface x64 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MusCAudio" "Support Device" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\muscaudio.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "O2MDRDR" "o2media" "O2Micro " "c:\windows\system32\drivers\o2mdx64.sys"
+ "O2SDRDR" "O2Micro SD Reader Driver (AMD64)" "O2Micro " "c:\windows\system32\drivers\o2sdx64.sys"
+ "RTL8187Se" "Realtek RTL8187S PCIE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8187se.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "UVCFTR" "UVCFTR_S.sys" "Chicony Electronics Co., Ltd." "c:\windows\system32\drivers\uvcftr_s.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\cax_cnxt.sys"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio64.sys"
+ "yukonx64" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk60x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Decompressor" "fccHandler" "c:\windows\syswow64\ac3acm.acm"
+ "msacm.alf2cd" "NCT ALF2CD Audio CODEC" "NCT Company" "c:\windows\syswow64\alf2cd.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.scg726" "SHARP G.726 ACM Audio Decoder" "SHARP Corporation" "c:\windows\syswow64\scg726.acm"
+ "msacm.voxacm160" "Voxware Audio Compression Manager Driver" "Voxware, Inc." "c:\windows\syswow64\vct3216.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.dvsd" "MainConcept DV Codec" "MainConcept" "c:\windows\syswow64\mcdvd_32.dll"
+ "vidc.XVID" "" "" "File not found: xvidvfw.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AVS Video Out" "" "" "File not found: C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSVideoOutFilter3.ax"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "Essien R&D MPEG Writer Filter" "DirectShow MPEG Writing and Multiplexing DirectShow Filter" "Essien Research & Development" "c:\windows\syswow64\mpgfiltr.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codecx.ax"
+ "QuickTime Writer" "" "Viscom Software www.viscomsoft.com" "c:\windows\syswow64\viscomqtenc.dll"
+ "QuickTimeDecoder Filter" "" "Viscom Software www.viscomsoft.com" "c:\windows\syswow64\viscomqtde.dll"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax"
+ "WAV Dest" "" "Viscom Software" "c:\windows\syswow64\viscomwave.dll"
+ "WS ScreenCapture" "" "" "File not found: C:\Program Files (x86)\Daniusoft\Media Converter Pro\ScreenCaptureFilter.ax"
+ "XviD MPEG-4 Video Decoder" "" "" "File not found: C:\Windows\SysWOW64\xvid.ax"
+ "ZJSoft RealAudio Decoder" "" "" "File not found: C:\Program Files (x86)\WinAVI MP4 Converter\Filter\RealMediaSplitter.ax"
+ "ZJSoft RealMedia Source" "" "" "File not found: C:\Program Files (x86)\WinAVI MP4 Converter\Filter\RealMediaSplitter.ax"
+ "ZJSoft RealMedia Splitter" "" "" "File not found: C:\Program Files (x86)\WinAVI MP4 Converter\Filter\RealMediaSplitter.ax"
+ "ZJSoft RealVideo Decoder" "" "" "File not found: C:\Program Files (x86)\WinAVI MP4 Converter\Filter\RealMediaSplitter.ax"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "c:\progra~2\bandoo\bndhook.dll" "" "" "File not found: c:\progra~2\bandoo\bndhook.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"C:\Users\I\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Amazon.com Search" "Amazon Gadget Search." "Amazon" "C:\Users\I\AppData\Local\Microsoft\Windows Sidebar\Gadgets\amazon_search[1].gadget\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Google 搜索" "Google Gadget Search." "Google" "C:\Users\I\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Google_Gadget_EN[1].gadget\Gadget.xml"
+ "Picture Puzzle" "Move the pieces of the puzzle and try to put them in order." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"
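The log above lists codec registrations and several autostart locations, a few of which still point at files that no longer exist (including the AppInit_DLLs entry for bndhook.dll). As an added example that is not part of the thread or of any tool mentioned in it, a small Python parser for this four-quoted-field log format that collects each section's entries and flags missing-file targets, ranking those in broadly loaded locations (AppInit_DLLs, Winlogon Notify, Winsock) above leftover codecs; the sample input is constructed, modelled on the lines above:

```python
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str, str]  # (name, description, company, path)
QUOTED = re.compile(r'"([^"]*)"')
# Locations that load a DLL into many processes or at logon; stale entries there matter more than a missing codec.
SENSITIVE = ("appinit_dlls", r"winlogon\notify", "winsock2")

# Constructed sample modelled on the log lines in the thread, not the original log.
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "c:\progra~2\bandoo\bndhook.dll" "" "" "File not found: c:\progra~2\bandoo\bndhook.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "XviD MPEG-4 Video Decoder" "" "" "File not found: C:\Windows\SysWOW64\xvid.ax"
'''

def parse_scan_log(text: str) -> Dict[str, List[Entry]]:
    """An unprefixed record opens a section (registry key or file); '+ ' lines
    are its entries. Lines without exactly four quoted fields are skipped."""
    sections: Dict[str, List[Entry]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        is_entry = line.startswith("+ ")
        fields = QUOTED.findall(line[2:] if is_entry else line)
        if len(fields) != 4:
            continue
        if not is_entry:
            current = fields[0]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(tuple(fields))
    return sections

def flag_missing(sections: Dict[str, List[Entry]]) -> List[Tuple[str, str, str]]:
    """(severity, section, name) for entries whose target file is gone:
    'high' in a sensitive location, 'low' elsewhere (usually a leftover codec)."""
    findings = []
    for section, entries in sections.items():
        severity = "high" if any(k in section.lower() for k in SENSITIVE) else "low"
        for name, _desc, _company, path in entries:
            if path.startswith("File not found:"):
                findings.append((severity, section, name))
    return findings

if __name__ == "__main__":
    for sev, sec, name in flag_missing(parse_scan_log(SAMPLE_LOG)):
        print(f"[{sev}] {name}  <-  {sec}")
```

A dangling AppInit_DLLs value is worth removing even when the DLL is gone, since reinstalling the same software would make it live again.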

#13 ak_907

ak_907
  • Topic Starter

  • Members
  • 17 posts

Posted 20 October 2012 - 02:43 AM

Got one more question.

I use a wireless router, and when I leave the router firewall on it blocks my Windows Auto Update, so I have to manually update my Windows.
Is there some way to keep the router from blocking the auto update?

Not sure if I would want to leave my firewall off anymore. Too many viruses.


Also, thanks for the help with the trojan removal. :) Thought my computer was trashed. :thumbup2:

Edited by ak_907, 20 October 2012 - 03:42 AM.


#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 20 October 2012 - 06:41 AM

Run RKILL as given in the previous instructions and post the new log.

Regarding Windows updates, the error should have been caused by missing Windows Update services (not by the router firewall), which we have fixed now. You should not have issues updating now.

Edited by narenxp, 20 October 2012 - 06:59 AM.


#15 ak_907

ak_907
  • Topic Starter

  • Members
  • 17 posts

Posted 20 October 2012 - 06:55 AM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/20/2012 03:50:42 AM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/20/2012 03:51:00 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)



About the auto update:
This has been happening for a while now. I saw in the Belkin (router) Security Log
that it blocks an IP address that is the same as my computer's IP address.
I don't know too much about routers, so I thought I would ask.



